SYSTEM AND METHOD FOR SIMULATING NETWORK SECURITY THREATS AND ASSESSING NETWORK SECURITY

US 20170013008A1
Filed: 08/27/2015
Published: 01/12/2017
Est. Priority Date: 07/10/2015
Status: Active Grant

First Claim

Patent Images

1. A security assessment system for a computer network, comprising:

one or more security assessment computers controlled by a security assessor, and connected to a network; and

first executable program code for acting as an agent on a first end device on the network, the first executable program code configured to be executed by a browser application of the first end device,wherein the first executable program code is configured to initiate a simulation by requesting information from at least a first security assessment computer of the one or more security assessment computers.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of security assessment of a network is described. The system may include one or more security assessment computers controlled by a security assessor, and connected to a network, and first executable program code for acting as an agent on a first end device on the network. The first executable program code is configured to be executed by a browser application of the first end device, and is configured to initiate a simulation by requesting information from at least a first security assessment computer of the one or more security assessment computers.

65 Citations

View as Search Results

25 Claims

1. A security assessment system for a computer network, comprising:
- one or more security assessment computers controlled by a security assessor, and connected to a network; and
  
  first executable program code for acting as an agent on a first end device on the network, the first executable program code configured to be executed by a browser application of the first end device,wherein the first executable program code is configured to initiate a simulation by requesting information from at least a first security assessment computer of the one or more security assessment computers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The security assessment system of claim 1, further comprising:
    - a storage at one of the one or more security assessment computers, the storage storing an entity profile indicating security assessment and simulation services to be administered to an entity with which the first end device is associated.
  - 3. The security assessment system of claim 1, wherein:
    - the first executable program code includes instructions that, when executed by the browser application, cause the browser application to simulate the implementation of one or more security threat techniques, tactics, or practices.
  - 4. The security assessment system of claim 3, wherein:
    - the one or more security threat techniques, tactics, or practices include at least one of;
      
      attempting to exfiltrate data from a sub-network that includes the first end device;
      
      attempting to perform a lateral scan of the sub-network; and
      
      attempting Domain Name Server (DNS) exfiltration of data from the sub-network.
  - 5. The security assessment system of claim 4, further comprising:
    - a command and control server that comprises the first security assessment computer, the command and control server configured to receive a request from the first executable program code executed by the browser application, and to send instructions to the browser application in response, to begin simulating the one or more security threat techniques, tactics, or practices.
  - 6. The security assessment system of claim 5, further comprising:
    - one or more bot servers configured to receive information associated with a simulation initiated by the first end device and to report simulation results to one of the one or more security assessment computers controlled by the security assessor.
  - 7. The security assessment system of claim 1, wherein:
    - the first executable program code includes an indicator used to automatically delete the first executable program code.
  - 8. The security assessment system of claim 1, further comprising:
    - second executable program code for serving as an agent on a second end device on the network, the second executable program code configured to be executed by a browser application of the second end device,wherein the second executable program code is configured to initiate the implementation of a simulation by requesting information from the first security assessment computer.
  - 9. The security assessment system of claim 8, wherein:
    - the first end device is a personal communication device; and
      
      the second end device is a personal communication device.

10. A method for security assessment of a computer network, the method comprising:
- transmitting first executable program code from a security assessor that controls one or more security assessment computers on a network to a first end device on the network, the first executable program code for acting as an agent on the first end device, and the first executable program code configured to be executed by a browser application of the first end device,wherein the first executable program code is configured to initiate the implementation of a simulation by requesting information from at least a first security assessment computer of the one or more security assessment computers.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method of claim 10, further comprising:
    - storing by the security assessor an entity profile indicating security assessment and simulation services to be administered to an entity with which the first end device is associated.
  - 12. The method of claim 11, wherein:
    - the entity profile indicates at what times certain simulations should be executed by particular agents; and
      
      those simulations are executed automatically based on the times.
  - 13. The method of claim 10, wherein:
    - the first executable program code includes instructions that, when executed by the browser application, cause the browser application to simulate one or more security threat techniques, tactics, or practices.
  - 14. The method of claim 13, wherein:
    - the one or more security threat techniques, tactics, or practices include at least one of;
      
      attempting to exfiltrate data from a sub-network that includes the first end device;
      
      attempting to perform a lateral scan of the sub-network; and
      
      attempting Domain Name Server (DNS) exfiltration of data from the sub-network.
  - 15. The method of claim 14, further comprising:
    - receiving a request from the first executable program code executed by the browser application, and sending instructions to the browser application in response, to begin simulating the one or more security threat techniques, tactics, or practices.
  - 16. The method of claim 15, further comprising:
    - receiving, at a bot server, information associated with a simulation initiated by the first end device, andreporting, from at least the bot server, simulation results to the security assessor.
  - 17. The method of claim 10, further comprising:
    - automatically deleting, by the browser application, the first executable program code from the first end device after the simulation has completed.
  - 18. The method of claim 10, further comprising:
    - transmitting second executable program code from the security assessor to a second end device on the network, the second executable program code for acting as an agent on the second end device, the second executable program code configured to be executed by a browser application of the second end device,wherein the second executable program code is configured to initiate a simulation by requesting information from at least the first security assessment computer.
  - 19. The method of claim 18, further comprising:
    - receiving, by the security assessor, simulation results as a result of the simulation initiated by the first executable program code and as a result of the simulation initiated by the second executable program code; and
      
      performing a security assessment based on the received simulation results.
  - 20. The method of claim 10, further comprising:
    - sending the first executable program code to the first end device based on a request received by the first end device, the request implemented with a code associated with the security assessor and previously sent to the end device.

21. A method of assessing security of a network, the method comprising:
- at a security assessor system, receiving, from browser-executed executable program code executing on a plurality of end devices, a plurality of respective requests, each request for initiating simulation of one or more security threat techniques, tactics, or practices, wherein the plurality of end devices are part of a sub-network; and
  
  in response to the plurality of requests, sending respective instructions to the respective end devices instructing each browser-executed executable program code to simulate one or more security threat techniques, tactics, or practices.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, further comprising:
    - receiving, by the security assessor, results of the respective simulated security threat techniques, tactics, or practices; and
      
      based on the results, assessing the security of the sub-network.
  - 23. The method of claim 21 further comprising:
    - automatically removing the browser-executed executable program code from the plurality of end devices.

24. A method of assessing security of a network, the method comprising:
- distributing a plurality of agents in the form of browser-executable program code to a respective plurality of end devices on a sub-network of a network;
  
  as a result of execution of the agents by browser applications on the end devices, performing a plurality of simulated security threat techniques, tactics, or practices on the sub-network;
  
  receiving information derived from the simulated security threat techniques, tactics, or practices and transmitted through the network; and
  
  based on the received information, assessing the security of the sub-network.
- View Dependent Claims (25)
- - 25. The method of claim 24, further comprising:
    - automatically removing the agents from their respective plurality of end devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Reliaquest Holdings, LLC
Original Assignee
vThreat, Inc. (ReliaQuest LLC)
Inventors
Paulsen, Gaige B., Carey, Marcus J.

Granted Patent

US 10,826,928 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 2463/144   Detection or countermeasure...

H04L 63/02   for separating internal fro...

H04L 63/102   Entity profiles

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

SYSTEM AND METHOD FOR SIMULATING NETWORK SECURITY THREATS AND ASSESSING NETWORK SECURITY

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SIMULATING NETWORK SECURITY THREATS AND ASSESSING NETWORK SECURITY

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links